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1 UNITED STATES PATENT AND TRADEMARK OFFICE 

2 

3 

4 BEFORE THE BOARD OF PATENT APPEALS 

5 AND INTERFERENCES 

6 

7 

8 Ex parte DAVID J. LINEMAN and SCOTT R. WIERSCHEM 

9 

10 

11 Appeal 2007-3773 

12 Application 09/966,006 1 

1 3 Technology Center 2100 

14 

15 

16 Decided: June 30, 2008 

17 

18 

19 

20 Before LANCE LEONARD BARRY, ALLEN R. MACDONALD, and 

2 1 CAROLYN D. THOMAS, Administrative Patent Judges. 
22 

23 THOMAS, C, Administrative Patent Judge. 



24 

25 DECISION ON APPEAL 

26 I. STATEMENT OF THE CASE 

27 Appellants appeal under 35 U.S.C. § 134 from a final rejection 



28 of claims 1-56 mailed December 13, 2005. We have jurisdiction under 

29 35 U.S.C. § 6(b). 



1 Application filed September 28, 2001. The real party in interest is NetlQ 
Corporation. 
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1 We affirm. 

2 

3 A. INVENTION 

4 Appellants invented a software program capable of creating and 



5 managing security policies on a network. When a computer administrator 

6 selects a set of security controls based on the selected policy, it 

7 automatically communicates the controls to computer systems in the 

8 network capable of understanding this information. The invention further 

9 communicates this policy to individuals responsible for understanding the 

10 policy via a software program and tracks their reading and understanding of 

11 the policy via the same software. (Spec, Abstract.) 
12 



13 B . ILLUSTRATIVE CLAIMS 

14 The appeal contains claims 1-56. Claims 1, 11, 26, and 51 are 

15 independent claims. Claims 1, 11, and 26 are illustrative: 

16 1. A method for managing a security policy for one or more 

17 users in a network, comprising: 

18 a) running a policy management program on a computer 

19 in communication with the network; 

20 b) enabling creation of a security policy document in a 

21 portable representation language using the policy management 

22 program, including selection and inclusion in the security policy 

23 document of a plurality of data elements for communicating the 

24 security policy to the one or more users and of at least one data 

25 element for implementing the security policy on computer systems in 

26 the network; 

2 
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1 c) enabling the one or more users on the network to view 

2 the security policy document using the plurality of data elements for 

3 communicating the security policy to the one or more users included 

4 in the security policy document; and 

5 d) receiving electronic data relevant to user viewing of 

6 the security policy document using the policy management program. 

7 

8 1 1 . A method for managing a security policy for one or more 

9 first computers in a network, comprising: 

10 a) running a software program o a second computer in 

1 1 communication with the network; 

12 b) enabling creation of a security policy document using 

13 the software program by enabling selection of security policies from a 

14 set of opinions; and 

15 c) automatically configuring the security policy 

16 document to provide one or more technical controls for implementing 

17 the security policy on at least one first computer. 

18 

19 26. A method for managing a security policy for one or more 

20 users and one or more first computers in a network, comprising: 

21 a) running a software program on a second computer in 

22 communication with the network; 

23 b) creating a security policy document using the 

24 software program; and 

25 c) automatically configuring the security policy 

26 document to create (i) a human-readable security policy document, 

27 and (ii) a machine-readable security policy document containing 

28 technical controls readable by at least one first computer. 

29 
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1 C. REFERENCE 

2 The single reference relied upon by the Examiner in rejecting the 

3 claims on appeal is: 

4 Jacobson US 6,735,701 Bl May 11, 2004 

5 (Filed Jun. 25, 1998) 
6 

7 D. REJECTION 

8 The Examiner entered the following rejection which is before us for 

9 review: 

10 Claims 1-56 are rejected under 35 U.S.C. § 102(e) as being 

1 1 anticipated by Jacobson. 
12 

1 3 II. PROSECUTION HISTORY 

14 Appellants appealed from the Final Rejection and filed an Appeal 

15 Brief (App. Br.) on July 11, 2006. The Examiner mailed an Examiner's 

16 Answer (Ans.) on October 19, 2006. Appellants filed a Reply Brief (Reply 

17 Br.) on November 24, 2006. 
18 

19 III. ISSUES 

20 Whether Appellants have shown that the Examiner erred in rejecting 

21 claims 1-56 as being anticipated by Jacobson. 
22 

23 
24 

4 
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1 IV. FINDINGS OF FACT 

2 The following findings of fact (FF) are supported by a preponderance 

3 of the evidence. 

4 Claim Construction 

5 1. The Specification discloses that "the security policy document is 



6 represented using a structured data representation technique known as 

7 Extensible Markup Language (XML). However, other markup languages, 

8 such as . . . object languages, ... or other portable representation languages 

9 may also be used." (Spec, <|[[0040].) 
10 



1 1 Jacobson 

12 2. Jacobson discloses: 

13 The method provides the steps of electronically monitoring 

14 network user compliance with a network security policy stored 

15 in a database, electronically evaluating network security policy 

16 compliance based on network user compliance, and 

17 electronically undertaking a network policy compliance action 

18 in response to network security policy compliance. 

19 (Abstract.) 

20 3. Jacobson discloses a "need for network communications software 

21 programs that offers robust policy compliance assistance, policy 

22 effectiveness monitoring and reporting." (Col. 1, 11. 61-63.) 

23 4. Jacobson discloses that "[t]he network policy compliance actions 

24 may include electronically implementing a different network security policy 

25 selected from network security policies stored in the database, generating 



5 
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1 policy effectiveness reports, and providing a retraining module to network 

2 users." (Col. 2, 11. 15-19.) 

3 5. Jacobson discloses that the "network policies are generated by 

4 guidelines created from employee feedback obtained during a training 

5 session." (Col. 5, 11. 48-50.) 

6 6. Jacobson discloses that the "policy training module 105 uses the 

7 user' s policy recommendations as a benchmark for other users to use during 

8 policy creation/training sessions." (Col. 6, 11. 23-26.) 

9 7. Jacobson discloses that "policy effectiveness system 100 includes a 

10 policy resource 145 database . . . Materials included in the policy resource 

11 database 145 include . . . a policy manual." (Col. 18, 11. 52-59.) 

12 8. Jacobson discloses that "[t]he policy effectiveness system 100 

13 includes an object library/object level licensing system . . ." (Col. 20, 11. 24- 

14 26.) 

15 9. Jacobson discloses that "[a]ll software is distributed with 

16 compliance conditions or restrictions of its use . . ." (Col. 19, 11. 60-63). 

17 10. Jacobson discloses that "new policy(s) are automatically added to 

18 the policy effectiveness system and the organization's policy manual." (Col. 

19 19,11.14-16). 
20 

21 V. PRINCIPLES OF LAW 

22 "[Anticipation of a claim under § 102 can be found only if the prior 

23 art reference discloses every element of the claim . . . ." In re King, 801 

6 
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1 F.2d 1324, 1326 (Fed. Cir. 1986) (citing Lindemann Maschinenfabrik 

2 GMBH v. American Hoist & Derrick Co., 730 F.2d 1452, 1458 (Fed. Cir. 

3 1984)). " [A]bsence from the reference of any claimed element negates 

4 anticipation." Kloster Speedsteel AB v. Crucible, Inc., 793 F.2d 1565, 1571 

5 (Fed. Cir. 1986). 

6 "A claim is anticipated only if each and every element as set forth in 

7 the claim is found, either expressly or inherently described, in a single prior 

8 art reference." Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 

9 628, 631 (Fed. Cir. 1987). Analysis of whether a claim is patentable over 

10 the prior art under 35 U.S.C. § 102 begins with a determination of the scope 

11 of the claim. We determine the scope of the claims in patent applications 

12 not solely on the basis of the claim language, but upon giving claims their 

1 3 broadest reasonable construction in light of the specification as it would be 

14 interpreted by one of ordinary skill in the art. In re Am. Acad. ofSci. Tech. 

15 Or., 367 F.3d 1359, 1364 (Fed. Cir. 2004). The properly interpreted claim 

16 must then be compared with the prior art. 
17 

18 VI. ANALYSIS 

19 Grouping of Claims 

20 Group I: In the Brief, Appellants argue claims 1-10 and 52 as a 

21 group (App. Br. 4-6). In other words, for claims 2-10, and 52, Appellants 

22 merely repeat the same argument made for claim 1. Thus, the Board selects 



7 



Appeal 2007-3773 
Application 09/966,006 



1 representative claim 1 to decide the appeal for this group. Accordingly, the 

2 remaining claims in this group stand or fall with claim 1 . 

3 Group II: Appellants argue claims 11-15, 17, and 20-25 as a group 

4 (App. Br. 6-7). For claims 12-15 and 21-25, Appellants repeat the same 

5 argument made for claim 11. We will, therefore, treat claims 12-15, 17, and 

6 20-25 as standing or falling with claim 11. 

7 Group III: Appellants argue claims 26-51 as a group (App. Br. 7-8). 

8 For claims 27-51, Appellants repeat the same argument made for claim 26. 

9 We will, therefore, treat claims 27-51 as standing or falling with claim 26. 

10 Group IV: Appellants argue claim 16 separately (App. Br. 8). 

1 1 Because claim 17 depends from claim 16, we shall group claim 17 with 

12 claim 16. We will, therefore, treat claim 17 as standing or falling with claim 

13 16. 

14 Group V: Appellants argue claims 18 and 19 as a group (App. Br. 9). 

15 For claim 19, Appellants repeat the same argument made for claim 18. 

16 Because claim 20 depends from claim 19, we shall also group claim 20 with 

17 claim 18. We will, therefore, treat claims 19 and 20 as standing or falling 

18 with claim 18. 

19 Group VI: Appellants argue claims 53-56 as a group (App. Br. 9). 

20 For claims 54-56, Appellants repeat the same argument made for claim 53. 

21 We will, therefore, treat claims 54-56 as standing or falling with claim 53. 

22 See 37 C.F.R. § 41.37(c)(l)(vii). See also In re Young, 927 F.2d 588, 

23 590 (Fed. Cir. 1991). 

8 
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1 The Board's Claim Construction 

2 "Our analysis begins with construing the claim limitations at issue." 

3 Ex Parte Filatov, No. 2006-1160, 2007 WL 1317144, at *2 (BPAI 2007). 

4 Claims are given their broadest reasonable construction "in light of 

5 the specification as it would be interpreted by one of ordinary skill in the 

6 art." In re Am. Acad. ofSci. Tech. Or., 367 F.3d at 1364 (Fed. Cir. 2004). 

7 To determine whether Jacobson anticipates claims 1-56, we must first 



8 determine the scope of the claims. Our reviewing court stated in Phillips v. 

9 AWH Corp., 415 F.3d 1303, 1315 (Fed. Cir. 2005), cert, denied, sub nom. 

10 AWH Corp. v Phillips, 126 S. Ct. 1332 (2006): The claims, of course, do not 

1 1 stand alone. Rather, they are part of "a fully integrated written instrument," 

12 Markman, 52 F.3d at 978, consisting principally of a specification that 

13 concludes with the claims. For that reason, claims "must be read in view of 

14 the specification, of which they are a part." Id. at 979. As stated in 

15 Vitronics, the specification "is always highly relevant to the claim 

16 construction analysis. Usually, it is dispositive; it is the single best guide to 

17 the meaning of a disputed term." 90 F.3d at 1582. 

18 We note that Appellants have identified the claimed term "portable 

19 representation language" as a structured data representation including 

20 markup languages and object languages (FF 1). Thus, we find that this term 

21 includes any structured data format including object languages. 
22 

23 

9 
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1 The Anticipation Rejection 

2 "Having construed the claim limitations at issue, we now compare the 

3 claims to the prior art to determine if the prior art anticipates those claims." 

4 In re Cruciferous Sprout Litig., 301 F.3d 1343, 1349 (Fed. Cir. 2002). 
5 

6 Claims 1-10, and 52 

7 Appellants contend that "there is no disclosure or even a suggestion 

8 [in Jacobson] of distinct data elements for implementing the security policy 

9 on a computer." (App. Br. 5.) 

10 The Examiner found and concluded that "the data element is vague as 

11 to what constitutes a 'data element' in the claim language, and there is no 

12 language in the claim to further limit the terminology of a 'data element' . 

13 The Examiner is broadly interpreting the 'data element' as being just a 

14 software program." (Ans. 10-11). We agree. 

15 Jacobson discloses using software to electronically monitor 



16 compliance with a security policy and electronically implementing an action 

17 in response to compliance issues (FF 2-4). Thus, we find that Jacobson 

18 discloses at least one data element (i.e., software) for implementing the 

19 security policy on computer systems. 

20 Appellants further contend that "while an HTML type provision of 

21 information to remote locations executing on browser is inferred in 

22 Jacobson, it does not follow that the HTML would disclose or suggest the 

23 'security policy document' of Claim 1." (App. Br. 6.) In addition, 

10 
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1 Appellants contend that the '"policy training module' and other modules of 

2 Jacobson are not described as creating a specific 'security policy document' 

3 that contains such HTML form information." (App. Br. 6.) 

4 The Examiner found that "the features upon which Appellant relies 

5 (i.e., HTML) are not recited in the rejected claim" (Ans. 13). We agree. 

6 We find that Appellants' Claim 1 is far broader than what Appellants 

7 are arguing. Claim 1 recites, inter alia, "enabling creation of a security 

8 policy document in a portable representation language. " As noted supra, 

9 we found that a "portable representation language" includes any structured 

10 data format including object languages. We further find that Claim 1 merely 

1 1 requires "enabling creation of not the actual creation of a security 

12 document. 

13 Jacobson discloses creating/generating policy training modules and 

14 on-line policy manuals using user's recommendations as benchmarks 

15 whereby the generation includes using an object library (FF 5-8). Thus, we 

16 find that Jacobson discloses a "security policy document" (i.e., the training 

17 modules and/or the on-line policy manual) in a "portable representation 

18 language" (i.e., object). Furthermore, we find that "enabling creation of" 

19 reads on Jacobson' s gathering of user's recommendations to use for policy 

20 creation (FF 6). 

21 As such, we do not find that Appellants have shown that Jacobson 

22 lacks the above-noted disputed features of claim 1 . Instead, we find the 

23 Examiner has set forth a sufficient initial showing of anticipation. 

11 
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1 Therefore, we affirm the rejection of independent claim 1 and of claims 2- 

2 10, and 52, which fall therewith. 
3 

4 Claims 11-15 and 21-25 

5 Appellants contend that there is "no discussion or suggestion of 

6 enabling creation of a security policy document by enabling selection of 

7 security policies from a set of options anywhere in [Jacobson]." (App. Br. 

8 7.) Appellants further contend that "even if all these characterizations of 

9 Jacobs[o]n were accurate, they would not suggest creation of a security 

10 policy document by selecting 'security policies from a set of options' as 

1 1 recited in Claim 1 1 . Instead, it is the employee feedback, not the hypertext 

12 link selections, that would be used in Jacobs[o]n." (Reply Br. 3.) 



1 3 The Examiner found: 

14 In regards to selection of policies, it is disclosed by Jacobson that the 

15 user is presented with a suggested network policy that the 

16 organization wishes to implement, see column 5, lines 41-50. The 

17 individual and group policy recommendation information is collected 

18 and serves as a tool to dictate the creation of the security policy, see 

19 column 5, lines 41-50 and column 6, lines 22-26. 

20 (Ans. 16.) We agree. 

21 Jacobson discloses using the user's policy recommendations as a 

22 benchmark for others to use during policy creation (FF 6). Thus, we find 

23 that Jacobson discloses "enabling selection of security policies from a set of 

24 options " given that Jacobson allows the user to start with previously 

25 submitted recommendations as a standard/benchmark. 

12 
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1 As such, we do not find that Appellants have shown that Jacobson 

2 lacks the above-noted disputed features of claim 11. Instead, we find the 

3 Examiner has set forth a sufficient initial showing of anticipation. 

4 Therefore, we affirm the rejection of independent claim 1 1 and of claims 12- 

5 15 and 21-25, which fall therewith. 
6 

7 Claims 26-51 

8 Appellants contend that Jacobson "does not include an anticipatory 

9 disclosure of such particular recitations of inclusion of human and machine 

10 information in a security policy document to provide security policy 

1 1 management 'for one or more users and one or more first computers in a 

12 network' as recited in Claim 26." (App. Br. 8.) Appellants further contend 

13 that "no explanation is provided of how these alleged technical controls are 

14 contained in a machine-readable security policy document created by a 

15 security policy document 'automatically configured' to create such controls 

16 in a machine-readable security policy document." (Reply Br. 3.) 



17 The Examiner found that "Jacobson disclose of presenting 

18 information to the user for viewing, or in a 'human-readable form', see 

19 column 5, lines 37-50." (Ans. 17.) We agree. 

20 We also found that Jacobson discloses providing a retraining module 

21 related to the security policies to users (FF 4), which necessarily must be in a 

22 human-readable format. As for the claimed "machine-readable security 

23 policy document containing technical controls readable by at least one first 

13 
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1 computer, " we find that such a limitation reads on any security policy 

2 software program that controls a computer. Jacobson discloses software 

3 programs that offer policy compliance assistance (FF 3), i.e., policy software 

4 that controls a computer, and using software programs to electronically 

5 implementing various compliance actions (FF 4). Furthermore, Jacobson 

6 discloses that new policies are automatically added to the policy 

7 effectiveness system (i.e., a machine-readable security policy document 

8 containing technical controls) and the organization's policy manual (i.e., a 

9 human-readable security policy document) (FF 10). 

10 As such, we do not find that Appellants have shown that Jacobson 

1 1 lacks the above-noted disputed features of claim 26. Instead, we find the 

12 Examiner has set forth a sufficient initial showing of anticipation. 

13 Therefore, we affirm the rejection of independent claim 26 and of claims 27- 

14 51, which fall therewith. 
15 

1 6 Claims 16 and 1 7 

17 Appellants contend that "there is no discussion related to distributing 

18 detect rules in this excerpt [Jacobson] and Claim 16 is separately patentable 

19 for at least these additional reasons." (App. Br. 8.) Appellants further 

20 contend that "even though these new sections are discussed responsive to 

21 Appellants' assertion that Jacobson does not disclose 'distributing detect 

22 rules,' the comments referring to Column 5 of Jacobson at no point even 

23 mention 'distributing detect rules.'" (Reply Br. 4.) 

14 
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1 Claim 16 recites "further comprising distributing detect rules to at 

2 least one first computer. " Appellants' Specification describes "detect rules" 

3 for verifying compliance of the computer systems with security policies 

4 H[0010]). 

5 As noted supra, Jacobson discloses software programs that offer 



6 policy compliance assistance (FF 3). Furthermore, Jacobson discloses that 

7 all software is distributed with compliance conditions or restrictions of its 

8 use (FF 9). What is significant is that the "distributing detect rules" step in 

9 claim 16 does not positively recite any relationship to any other step. Thus, 

10 we find that Jacobson discloses " distributing detect rules", as set forth in 

11 claim 16. 

12 As such, we do not find that Appellants have shown that Jacobson 

13 lacks the above-noted disputed features of claim 16. Instead, we find the 

14 Examiner has set forth a sufficient initial showing of anticipation. 

15 Therefore, we affirm the rejection of dependent claim 16 and of claim 17, 

16 which falls therewith. 
17 

18 Claims 18-20 

19 Appellants contend that "Claim 18 recites 'distributing' technical 

20 controls to at least one first computer, which recitations are not addressed at 

21 pages 18-19 of the Examiner's Answer." (Reply Br. 4.) Appellants further 

22 contend that "implementing a different security policy does not disclose 



15 
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1 distributing or converting technical controls or even, as discussed above, 

2 teach technical controls." (App. Br. 9.) 

3 The Examiner found that the "technical controls is interpreted in the 

4 teachings of Jacobson as being responsible for electronically monitoring 

5 network user compliance with a security policy and electronically evaluating 

6 policy compliance." (Ans. 18-19.) We agree. 

7 Further, we note that Appellants' Specification describes technical 

8 controls as "data values or parameters in machine-readable form to 

9 implement the security policy on the computer systems" (1[[0024]). Thus, 

10 we find that Jacobson' s electronically monitoring/evaluating of policy 

1 1 compliance inherently includes distributing machine-readable parameters. 

12 As such, we do not find that Appellants have shown that Jacobson 



13 lacks the above-noted disputed features of claim 18. Instead, we find the 

14 Examiner has set forth a sufficient initial showing of anticipation. 

15 Therefore, we affirm the rejection of dependent claim 18 and of claims 19 

16 and 20, which fall therewith. 
17 

18 Claims 53-56 

19 Appellants contend that "Claims 53-56 include various recitations 

20 related to particular data elements and platform control elements for 

21 different operating system platforms. . . .the recitations of these claims are 

22 clearly not disclosed in the excerpt from column 1 of Jacobson." (App. Br. 

23 9.) 

16 
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1 The Examiner found that Appellants "arguments fail to comply with 

2 37 CFR 1.1 1 1(b) because they amount to a general allegation that the claims 

3 define a patentable invention without specifically pointing out how the 

4 language of the claims patentably distinguishes them from the references." 

5 (Ans. 19.) We agree. 

6 Furthermore, we find that in addressing the rejection, Appellants only 

7 broadly address the rejection by highlighting portions of the claims {see 

8 Reply Br. 5). Appellants have not contested before us what Jacobson 

9 teaches according to the Examiner's positions. Patentability is therefore 

10 urged to be based upon the same analysis set forth with respect to the 

1 1 rejection of claims 1 and 11, which approach we have found unpersuasive. 



12 As such, we find the Examiner has set forth a sufficient initial 

13 showing of anticipation. Therefore, we affirm the rejection of dependent 

14 claims 53-56. 

15 VII. CONCLUSION 

16 We conclude that Appellants have not shown that the Examiner erred 

17 in rejecting claims 1-56. 

18 Thus, claims 1-56 are not patentable. 
19 

20 VIII. DECISION 

21 In view of the foregoing discussion, we affirm the Examiner's 

22 rejection of claims 1-56. 



17 
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1 No time period for taking any subsequent action in connection with 

2 this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. 

3 § 1.136(a)(l)(iv) (2007). 
4 

5 AFFIRMED 

6 
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